Standard

Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme. / Irshad, Azeem; Naqvi, Husnain; Chaudhry, Shehzad Ashraf; Usman, Muhammad; Shafiq, Muhammad; Mir, Omid; Kanwal, Ambrina.

In: Information Technology and Control, Vol. 47, No. 3, 10.09.2020, p. 431-466.

Research output: Contribution to journalArticle

Harvard

Irshad, A, Naqvi, H, Chaudhry, SA, Usman, M, Shafiq, M, Mir, O & Kanwal, A 2020, 'Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme', Information Technology and Control, vol. 47, no. 3, pp. 431-466. https://doi.org/10.5755/j01.itc.47.3.17361

APA

Irshad, A., Naqvi, H., Chaudhry, S. A., Usman, M., Shafiq, M., Mir, O., & Kanwal, A. (2020). Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme. Information Technology and Control, 47(3), 431-466. https://doi.org/10.5755/j01.itc.47.3.17361

Vancouver

Irshad A, Naqvi H, Chaudhry SA, Usman M, Shafiq M, Mir O et al. Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme. Information Technology and Control. 2020 Sep 10;47(3):431-466. https://doi.org/10.5755/j01.itc.47.3.17361

Author

Irshad, Azeem ; Naqvi, Husnain ; Chaudhry, Shehzad Ashraf ; Usman, Muhammad ; Shafiq, Muhammad ; Mir, Omid ; Kanwal, Ambrina. / Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme. In: Information Technology and Control. 2020 ; Vol. 47, No. 3. pp. 431-466.

BibTeX

@article{177a140f2b0f4221a9175d9dd7f11cdc,
title = "Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme",
abstract = "Multi-server authentication makes convenient to benefit from services of various service providers on the basis of one-time registration through a trusted third party. Since, the users are reluctant to register themselves separately from all servers due to the hassle of remembering many passwords and other cost constraints. The multi-server authentication enables the immediate provision of services by the real-time verification of users on an insecure channel. The literature for multi-server oriented authenticated key agreement could be traced back to Li et al. and Lee et al., in 2000. Since then, numerous multi-server authentication techniques have been put forth. Nonetheless, the research academia looks for more secure and efficient authentication protocols. Recently, Chen and Lee’s scheme presented a two-factor multi-server key agreement protocol, which is found to be prone to impersonation, stolen smart card, key-compromise impersonation attack, and trace attacks. Besides, the scheme is also found to have the inefficient password modification procedure. We propose an improved protocol that counters the above limitations in almost an equivalent computation cost. Moreover, our protocol is supplemented with formal security analysis using BAN logic along with performance analysis and evaluation.",
keywords = "Multi-server authentication, Cryptanalysis, biometrics, remote authentication, attack",
author = "Azeem Irshad and Husnain Naqvi and Chaudhry, {Shehzad Ashraf} and Muhammad Usman and Muhammad Shafiq and Omid Mir and Ambrina Kanwal",
year = "2020",
month = "9",
day = "10",
doi = "10.5755/j01.itc.47.3.17361",
language = "English",
volume = "47",
pages = "431--466",
journal = "Information Technology and Control",
issn = "1392-124X",
publisher = "Kauno Technologijos Universitetas",
number = "3",

}

RIS

TY - JOUR

T1 - Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme

AU - Irshad, Azeem

AU - Naqvi, Husnain

AU - Chaudhry, Shehzad Ashraf

AU - Usman, Muhammad

AU - Shafiq, Muhammad

AU - Mir, Omid

AU - Kanwal, Ambrina

PY - 2020/9/10

Y1 - 2020/9/10

N2 - Multi-server authentication makes convenient to benefit from services of various service providers on the basis of one-time registration through a trusted third party. Since, the users are reluctant to register themselves separately from all servers due to the hassle of remembering many passwords and other cost constraints. The multi-server authentication enables the immediate provision of services by the real-time verification of users on an insecure channel. The literature for multi-server oriented authenticated key agreement could be traced back to Li et al. and Lee et al., in 2000. Since then, numerous multi-server authentication techniques have been put forth. Nonetheless, the research academia looks for more secure and efficient authentication protocols. Recently, Chen and Lee’s scheme presented a two-factor multi-server key agreement protocol, which is found to be prone to impersonation, stolen smart card, key-compromise impersonation attack, and trace attacks. Besides, the scheme is also found to have the inefficient password modification procedure. We propose an improved protocol that counters the above limitations in almost an equivalent computation cost. Moreover, our protocol is supplemented with formal security analysis using BAN logic along with performance analysis and evaluation.

AB - Multi-server authentication makes convenient to benefit from services of various service providers on the basis of one-time registration through a trusted third party. Since, the users are reluctant to register themselves separately from all servers due to the hassle of remembering many passwords and other cost constraints. The multi-server authentication enables the immediate provision of services by the real-time verification of users on an insecure channel. The literature for multi-server oriented authenticated key agreement could be traced back to Li et al. and Lee et al., in 2000. Since then, numerous multi-server authentication techniques have been put forth. Nonetheless, the research academia looks for more secure and efficient authentication protocols. Recently, Chen and Lee’s scheme presented a two-factor multi-server key agreement protocol, which is found to be prone to impersonation, stolen smart card, key-compromise impersonation attack, and trace attacks. Besides, the scheme is also found to have the inefficient password modification procedure. We propose an improved protocol that counters the above limitations in almost an equivalent computation cost. Moreover, our protocol is supplemented with formal security analysis using BAN logic along with performance analysis and evaluation.

KW - Multi-server authentication

KW - Cryptanalysis

KW - biometrics

KW - remote authentication

KW - attack

U2 - 10.5755/j01.itc.47.3.17361

DO - 10.5755/j01.itc.47.3.17361

M3 - Article

VL - 47

SP - 431

EP - 466

JO - Information Technology and Control

JF - Information Technology and Control

SN - 1392-124X

IS - 3

ER -

ID: 3691759